Event #25 - Feb 28 2013: OWASP Top 10 No-No's

Once again, a huge thanks to Microsoft Cyprus for hosting our first offline event for 2013, and especially to our good friend Valentinos Georgiades, Developer and Platform Evangelist (Microsoft Cyprus & Malta), for his outstanding and continuous efforts towards supporting our User Group.

This event was dedicated to security, focusing on how we can secure our ASP.NET applications during their design, development and deployment. The speaker was Ioannis Stavrinides (MCTS, MCPD, MCITP, MCSA and MCSE). Ioannis (Blog | Twitter) is an active member of our User Group and an information security enthusiast with an extensive application development background.

The Open Web Application Security Project (OWASP) periodically publishes, among other things, a top 10 awareness document containing the 10 most commonly found code-related web application vulnerabilities. In this session, Ioannis presented the Top 10 No-No's that need to be taken into serious consideration when designing, developing and deploying ASP.NET web applications.

The top 10 vulnerabilities presented by Ioannis are:

Injection

Cross-Site Scripting (XSS)

Broken Authentication and Session Management

Insecure Direct Object References

Cross-Site Request Forgery (CSRF)

Security Misconfiguration

Insecure Cryptographic Storage

Failure to Restrict URL Access

Insufficient Transport Layer Protection

Unvalidated Redirects and Forwards

Ioannis performed many demos during his session, vividly illustrating the vulnerabilities and explaining how they can be avoided, thus making a web application more secure. The session was very interesting and some really long discussions followed.

You can view/download the presentation from here:

OWASP Top 10 No-Nos

A huge thanks goes to Ioannis for presenting a great session and, of course, to our sponsor, Microsoft Cyprus, for hosting the event.